DPRK-USA Singapore Summit
On June 12, 2018, Singapore became the host of the landmark meeting that brought Kim Jong Un and Donald Trump together at a historic summit. While it’s not the very first time Singapore has played host to political meetings, the DPRK–USA Summit was probably the buzziest event for the Asia-Pacific region in decades.
Our GEVME team was given an important mission to power the online and onsite registrations for the summit. As an official event technology partner, the company was responsible for building a secure check-in infrastructure as well as an efficient registration flow for the various groups of attendees on the ground.
Due to the nature of the project as well as the huge number of stakeholders involved, there were a great deal of challenges that had to be solved by the GEVME team over a very short period of time:
1. Ensuring security online and on the ground: Sentosa Island was chosen as the location for this high-stakes meeting for a number of reasons. Not only do the local hotels provide impeccable services and luxurious amenities, but they are also the best location in terms of security and privacy. With such a huge focus on secure experiences, the core challenge for our team was to ensure security and personal data protection. This required a lot of planning, optimisation, and active monitoring of hardware and software throughout the event.
2. Staying connected: Training and communication were other important focuses of attention. Because the venue was quite large, it was crucial to build an efficient communication system for getting in touch, organising shifts, and solving any ongoing issues as quickly as possible.
3. Cooperating with multiple stakeholders: The most fundamental challenge was likely learning to deal with the huge number of stakeholders at various levels:
Five integrated GEVME solutions—online registration, onsite check-in, onsite photo taking, onsite security check, and name badge printing—were selected specifically for this event. Thanks to the integration capabilities of the product and the tight cooperation among multiple stakeholders, the execution was flawless. Here are the key actions that were taken to get the system up and running:
1. Onsite planning
The pre-event stage was crucial because we wanted to have a 100% guarantee that both the hardware and software would function optimally during the summit.
A number of meetings were organised for the purpose of discussing the planning procedures with the clients from the IT department. We also cooperated closely with the media division that was in charge of the journalists in order to learn how the process of media accreditation would work in terms of the flow. After the key requirements had been determined, the launching process was ready to begin, starting with performance and security testing.
2. Testing processes
Our two main counterparts in terms of planning were security and infrastructure vendors.
While the security team was mainly responsible for system testing, the main task of the infrastructure vendors was to create an ecosystem that would be capable of handling the needed capacities.
In terms of venue testing, the GEVME team worked with the owner of the venue, F1 Pit, as well as the client itself, the Ministry of Communications and Information (MCI). Connectivity was another important issue. Through cooperation with Cyntel, the official event partner responsible for Internet connectivity, we managed to come up with the optimal network settings and procedures.
To align with the capabilities of the venue, both our team and the clients had to make numerous visits to the site. Since we were unfamiliar with the venue, we had to visit three times before we could actually come up with the floor plan that was subsequently presented to the client.
To ensure that all the systems functioned flawlessly during the event, four testing processes were conducted on our software and hardware:
- Security testing or vulnerability testing: One independent party conducted vulnerability testing on our application.
- Penetration testing: Simulated attacks on the computers were also conducted by a third party.
- User acceptance testing: Once the entire system had been set up, we had to work with the government and the users to ensure that everything they required had been put into place.
- Performance testing: We had to ensure that the website wouldn’t crash. If there had been any risk of the website going down, we would have had to get the higher-load server.
3. Security requirements
Prior to the summit, the GEVME team had to put into place two different sets of security practices in terms of Online Registration and Onsite:
Online Registration: For the registration, the majority of requirements we had to adhere to were in the area of cybersecurity. Specifically, we had to set the related firewalls as well as make sure our servers were properly protected against malware, DDoS attacks, or any other possible web vulnerabilities. On top of that, it was critical to have complete clarity in terms of who had physical access to the servers, who could view the data, and who was in charge of server maintenance.
Onsite: In the case of onsite practices, the team primarily focused on the security of hardware. “The concern was, what if somebody comes in and is able either to steal a computer or connect to our network and get access to the event data?” recalls GlobalSign.in’s CEO, Veemal Gundagin. “We had to ensure that computers were secured. Through the use of Hardened Linux, quite a few security measures were put into place. Moreover, we employed what is known as a thin client approach, meaning all the data was stored on the cloud and not on computers. So even if someone had stolen a laptop, he/she still wouldn’t have been able to access the data.” Additionally, we worked on the prevention of name badge duplication. To ensure they were impossible to duplicate, a unique, encrypted QR code was assigned to each name badge. In addition, each of these had a unique hologram that couldn’t be copied.
4. Onsite staff training
Because GlobalSign.in is ISO 27001 certified, it’s required that all of its employees are sensitized with regards to cybersecurity and optimal security practices. This means that everyone who was a part of the GEVME onsite team was aware of the data protection mechanisms that had to be put into place right from the start.
However, considering the nature of the project, we had to take part in numerous relevant briefings as well as automate communications. Much of the communication was done over instant messaging, which was very convenient because it allowed for the creation of different groups of users. Since the venue was very large, it was critical to stay connected with our clients and the team.
Interestingly, a large portion of the onsite staff were volunteers; they formed the silver service in terms of the Singaporean government. So for the volunteer training, which was mainly based on role playing, we had to take advantage of the experience of our onsite technical specialists to get volunteers on track as quickly as possible.
5. Contingency planning
Risk assessment is an important part of planning, especially in terms of enterprise-level events. Because of this, the procedure we used here was pretty standard. Based on the product itself, the types of data, and the responsibilities of onsite staff, we came up with a list of all possible risks. Next, we rated each of them as high, medium, or low risks. These were the key factors that our contingency plans were eventually based upon.
5. Data access control
Because personal data in Singapore is protected under the Personal Data Protection Act (PDPA), this was the major law we had to follow in terms of data access control. Similarly to GDPR, PDPA covers a range of different regulations that the team had to comply with in terms of data storage, use, and purging. In the context of the DPRK–USA Summit specifically, it was very important to ensure that only relevant people had access to the data and that the data would be purged immediately after the event was finished.
According to GlobalSign.in’s CEO, Veemal Gundagin, enabling the proper data protection practices wasn’t too challenging because GEVME was compliant with PDPA right from the start. This allowed the team to fully focus on access control mechanisms, and in this case, a very restrictive approach was taken: “Basically, the data shouldn’t have been accessible to anybody, except those who were explicitly invited to the GEVME project. Also, two-factor or multi-factor authentication was applied with whomever had access to the back end.”
The historic summit was attended by over 5,000 people, from politicians and civil servants to the representatives of the world’s leading media companies. Even though the team had only around two weeks to put up thousands of registration forms and approval processes (not to mention all the testing), the challenge was handled successfully.
Because our SaaS platform is, basically, an out-of-the-box solution, it was easily aligned with the whole range of needs that the Singapore government had with regard to this event. It didn’t take much time to adopt the system because it had already been tested and proven. Apart from relevant security checks and auditing processes, nothing had to be done from scratch.
The participation in the DPRK–USA Summit became a great testament to our security standards and the automation we could enable through the integrated GEVME products. In addition to that, the whole experience was very inspiring for the team:
The opportunity to experience that vibe and showcase our solutions was itself a huge honour for GlobalSign.in. We are hopeful there will be many more global events held in Singapore in the years to come and are committed to bringing the best technologies to each of these events.
GEVME is a one-stop event management and event marketing software. With a focus on top-notch event technologies, GEVME helps you power your entire event lifecycle in one place. For more information on how you can refine each stage of your event management through GEVME, visit our website.